Secure Code Warrior survey sheds light on attitudes towards coding security
According to a new survey from Secure Code Warrior, only 29% of developers believe that writing vulnerability-free code should be a priority.
The company’s State of Developer-Driven Security 2022 survey collected information from 1,200 developers in Asia-Pacific, Europe and North America, and found that developers’ actions and attitudes toward software security are contradictory in today’s climate.
The survey found that while many developers recognize the importance of applying a security-first approach to the software development lifecycle, 86% do not consider application security a top priority when writing code.
This may be partly related to the finding that more than half of the 1,200 developers surveyed were unable to ensure their code was protected against seven common vulnerabilities.
Secure Code Warrior undertook the survey to help determine ways developers can take proactive steps toward secure coding to prevent common attacks at the source.
They say developers continue to face competing priorities and cite many management barriers that prevent them from creating secure code earlier in the development process. The most common barriers were time constraints to meet deadlines (24%) and developers not having enough training or guidance from their managers on how to implement secure coding (20%).
A large percentage of developers surveyed, however, use training. 81% of respondents said they use the knowledge gained from the training almost daily, but unfortunately, 67% still knowingly pass vulnerabilities into their code.
A demand for different training experiences was also seen, with one in four developers wanting more self-paced, multimedia-guided training and one in five believing training would be greatly improved if industry certification was a result.
Secure Code Warrior co-founder and CEO Pieter Danhieux says there’s a shift in the developer community, who are increasingly security conscious, but work environments and processes often get in the way of reaching their full safety potential.
“Developers want to do the right thing, and although they’re starting to care more about security, their work environment doesn’t always allow them to make it a priority,” he says.
“Often, the tools at their disposal — and the methods they deploy — get out of trouble rather than actively reducing risk, and their priorities remain misaligned with the security team.”
He says behavior change for good coding patterns will help organizations reach their full potential and create better security outcomes.
“While organizations encourage secure coding practices, developers are unsure how these are defined in their day-to-day work and what is expected of them.
“To achieve a higher level of code quality, organizations must formalize secure coding standards as they apply to developers and guide behavior change that reinforces good coding patterns and enables rapid security.”